Radio Access Networks (RANs) and Wireless Local Area Networks (WLANs) are both wireless communication technologies. In a cellular RAN, the areas where the network is distributed are covered by cells, each served by at least one base station (commonly known as a NodeB in a 3G network and an eNodeB in an LTE/4G network). Mobile devices, known as User Equipment (UE), located within a cell connect to the telecommunications core network (CN) via the base station of the cell.
WLAN describes a wireless communication system in which coverage is provided over smaller areas. A common example is Wi-Fi, which is a wireless data communication and networking technology, specified by the Institute of Electrical and Electronics Engineers (IEEE) 802.11 family of standards which define the physical layer (PHY) and medium access control (MAC) layer of the Open Systems Interconnection model (OSI Model).
WLAN enabled devices can establish wireless links with WLAN Access points (APs) which then allow Internet access. WLAN enabled devices can be mobile devices such as laptops, personal digital assistants and mobile phones, or fixed devices such as desktops and workstations that are equipped with a WLAN network interface. WLAN systems use the ISM radio band, a portion of the spectrum reserved internationally for industrial, scientific and medical purposes other than telecommunications. No fees or licenses are needed for use of this band of the spectrum.
Wi-Fi, and other non-3GPP standardised radio access technologies, provide radio coverage over relatively small areas, but at relatively high data rates. The use of unrestricted radio spectrum and relatively low-cost equipment for the provided data rates, has led to widespread deployment of WLAN access points. Access points maybe private or public, with many commercial access points being positioned in public locations for use by customers. Access points may be managed and controlled by the cellular network providers/operators (“operator controlled access points”), or may be independent (“non-operator controlled access points”).
The 3rd Generation Partnership Project (3GPP) and cellular operators have been able to integrate Wi-Fi into Long-Term Evolution (LTE) networks. This allows the cellular operators to provide better services to users located within indoor premises where cellular coverage is typically poorer (e.g. homes, offices, shopping malls, etc.) where Wi-Fi is usually deployed. Wi-Fi can complement cellular radio networks by providing data services in areas of poor cellular reception. Wi-Fi can complement cellular radio networks by providing enhanced data throughput.
In the course of 3GPP Release 12 specifications, 3GPP has been working on new functionality that would allow a Wi-Fi access point (AP) to connect on the Long Term Evolution (LTE) Core Network. As a result, the core network (CN) operators are able to offer a carrier grade Wi-Fi that allows the cellular subscribers to offload part of their traffic. From radio point of view, the LTE Radio Access Network (more specifically evolved NodeB (eNB)) handles a set of Wi-Fi APs whose broadcast identifiers are provided to the subscriber device on the LTE radio interface. It also requires the device to report Wi-Fi radio measurements so that the LTE RAN can trigger the CN to steer the traffic bearer from one radio access to the other. The functionality is called LTE WLAN interworking.
In the course of Release 13, a further step is taken where the LTE Radio Access Network (instead of the Core Network) controls the offloading to allow the best access network for all or some of the data streams related to an IP application. Namely, LTE data is tunnelled within the WLAN network by the RAN. The WLAN network consists of a WLAN Termination (WT) point that terminates the RAN interface (Xw). The WT controls information for a set of WLAN Access Points. Thisis commonly referred to as LTE WLAN aggregation (LWA).
FIG. 1 illustrates the basic general architecture of a system 1 implementing LWA. In the system 1 there is a Core Network (CN) 3, which comprises a Mobile Management Entity/Serving Gateway (MME/S-GW). The CN 3 is connected to eNBs 5 via S1 interfaces 7. The eNBs 5 are connected to the WLAN via Xw interfaces 9. Each of the Xw interfaces terminate at a WT 11, and UEs 13 are connected to the WT 11.
There exists a need for a UE 13 to able to operate with Wi-Fi radio access, whilst being able to configure security parameters when it moves between heterogeneous LTE RAN and/or WLAN networks.
FIG. 2 illustrates the radio protocol architecture that a particular bearer channel will use. There are two bearer types for LWA: split LWA bearer and switched LWA bearer. In the switched LWA bearer type offloading is performed per bearer, so that all the Packet Data Convergence Protocol Packet Data Units (PDCP PDUs) are transmitted from the eNB 5 to the UE 13 either via the WLAN or via the RAN.
In the split LWA bearer type offloading is performed per PDCP PDU, so that the PDCP PDUs are transmitted from the eNB 5 to the UE 13 either via the WLAN or the RAN. The eNB 5 can switch the bearer traffic back and forth between the WLAN and the RAN (for all its data flows or part of them), depending on the radio conditions.
In the downlink (DL) direction, for PDUs sent over WLAN in LWA operation, the LWAAP (LWA Access Point) entity in the eNB 5 generates LWA PDU containing a Data Radio Bearer (DRB) identity and the WT uses the LWA EtherType for forwarding the data to the UE 13 over WLAN.
Upon receipt of a PDU from the WT 11, the UE 13 uses the LWA EtherType to determine that the received PDU belongs to an LWA bearer and uses the DRB identity to determine to which LWA bearer the PDU belongs.
In the uplink (UL) direction, for PDUs sent over WLAN in LWA operation, the UE 13 generates LWA PDUs containing a DRB identity and the WT 11 uses the LWA EtherType for forwarding the data to the eNB over WLAN.
Under the 3GPP LTE radio protocol architecture, the upper layer IP data PDUs are ciphered by the PDCP sublayer. However, when these PDCP data PDUs are conveyed over WLAN in LWA operation, additional ciphering is applied by the Wi-Fi layer. Avoiding double encryption can help in reducing UE processing time, power consumption and cost. More specifically, during downlink, LTE hardware supports 1 Gbps maximum, whilst Wi-Fi 802.11ad hardware can support up to 7 Gbps. Thus, in LWA operation, Wi-Fi hardware can forward data 7 times faster than the LTE hardware can process the data. A similar problem can occur during uplink. In this scenario, the LTE hardware can act as a bottleneck in LWA.
Previously, it has been proposed to allow for an absence of PDCP encryption in order to help to alleviate at least some of the speed reductions caused due to the bottleneck problem. However, in this case, the PDCP PDUs should still be encrypted by WLAN.
From a security point of view, since the WLAN network is under control of the LTE network operator, security of the WLAN network is a concern to the LTE network operator. Thus, the security of the WLAN network needs to be considered by the LTE network operator. In light of this, the RAN provides the security key (so called S-KWT to both the WT and the UE) for protecting the WLAN link. Such security key is used as Pairwise Master Key (PMK) defined in IEEE 802.11 specification. The PMK is used to start the four-way handshake on the WLAN link between the UE and the WLAN AP to perform WLAN re-authentication.
Whilst a UE is mobile within the same eNB or different eNB while connected to a WLAN, the RAN can refresh and update the security key (S-KWT) towards the WT. Previously, it has been proposed that the new security key for the WLAN might not be taken into use immediately. In this way, the four-way handshake can be postponed. Therefore, data transfer on the WLAN link would not be interrupted due to WLAN re-authentication whenever a RAN mobility event occurs, especially when the WT is not changed. The WT can decide to take the new security key into use when WLAN data transfer is not on-going.
There is a need for better control of WLAN encryption, particularly in the scenario where no PDCP encryption is used.
When the RAN refreshes or updates a security key, the UE and the RAN might still be receiving PDCP PDUs using an old ciphering configuration. This may be due to packet buffering at the WT. In the current 3GPP specifications, if old PDCP PDUs are received, they would be discarded, since they do not comply with the new ciphering configuration which has already been taken into use. In addition, deciphering of old PDUs would fail.
There exists a need to be able to decipher PDUs associated with an old ciphering configuration, in order to minimise packet discarding and retransmission.
The embodiments described below are not limited to implementations which solve any or all of the disadvantages of known systems.